cursor-compliance-audit
Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".
89
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines a specific niche (compliance auditing for Cursor IDE), lists concrete actions (assessment, evidence collection, remediation across SOC 2/GDPR/HIPAA), and provides explicit trigger terms. The description is concise, uses third-person voice, and would be easily distinguishable from other skills in a large skill library.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation' — these are distinct, concrete activities within a well-defined domain. | 3 / 3 |
Completeness | Clearly answers both 'what' (compliance and security auditing for Cursor IDE: SOC 2, GDPR, HIPAA assessment, evidence collection, remediation) and 'when' (explicit triggers listed with 'Triggers on...' clause). | 3 / 3 |
Trigger Term Quality | Includes explicit natural trigger terms like 'cursor compliance', 'cursor audit', 'cursor security review', 'cursor soc2', 'cursor gdpr', 'cursor data governance' — these are terms users would naturally use when seeking this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining Cursor IDE with compliance/security auditing frameworks (SOC 2, GDPR, HIPAA). The 'cursor' prefix on all trigger terms further reduces conflict risk with generic compliance or generic Cursor skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong compliance auditing skill with excellent actionability—concrete checklists, specific remediation steps with verification, and clear evidence requirements. The workflow clarity is solid with validation checkpoints throughout. The main weakness is that the document is quite long for a SKILL.md and could benefit from splitting detailed audit checklists into separate files, and some content (like the GDPR rights table) adds bulk without adding much Claude doesn't already know.
Suggestions
Split the detailed SOC 2, GDPR, and HIPAA checklists into separate referenced files (e.g., SOC2_CHECKLIST.md, GDPR_CHECKLIST.md) and keep SKILL.md as a concise overview with links.
Remove or condense the GDPR Individual Rights table—Claude already understands these rights; just note Cursor-specific mechanisms (Privacy Mode, account deletion, settings export).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably well-organized but includes some information Claude would already know (e.g., what GDPR rights mean, general encryption descriptions). The data processing architecture diagram and certification table add value, but the overall document is quite long and could be tightened—particularly the GDPR individual rights table and some explanatory text. | 2 / 3 |
Actionability | The skill provides highly concrete, actionable checklists with specific steps, exact file patterns for .cursorignore, specific dashboard navigation paths, and clear remediation procedures. The evidence collection requirements are specific and copy-paste ready. | 3 / 3 |
Workflow Clarity | Each remediation playbook follows a clear numbered sequence with verification steps (e.g., 'Verify enforcement: check each member's status in dashboard', 'Confirm sensitive files absent from indexed list'). The audit checklists include explicit evidence requirements, and the HIPAA section includes a critical escalation step to consult compliance teams. | 3 / 3 |
Progressive Disclosure | The content is well-structured with clear headers and sections, but it's a monolithic document that could benefit from splitting detailed checklists (SOC 2, GDPR, HIPAA) into separate referenced files. At ~200 lines, the inline detail is heavy for a SKILL.md overview. The Resources section at the end provides external links but no internal file references. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3e83543
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.